<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>server_3</title>
    </head>
    <body>
        <h1>Web安全与防护技术——实验二：浏览器安全</h1>
        <h2>
            当前路径：<span id="cururl"></span>
        </h2>
        <hr>
        <h1>访问子页面</h1>
        <button style="padding: 8px;margin: 10px;" onclick="getData()">获取敏感信息</button>
        <iframe id="targetFrame" src="http://www.websecurity.com/benign1.html" width="100%" height="600px"></iframe>
        <script>
            document.getElementById('cururl').innerHTML = window.location.href;
            function getData() {
                try {
                    // 尝试访问iframe中的内容
                    const frame = document.getElementById('targetFrame');
                    const sensitiveContent = frame.contentWindow.document.getElementById('sensitiveData').innerHTML;
                    console.log('敏感信息：', sensitiveContent);
                } catch(e) {
                    console.error('同源策略阻止：', e);
                }
            };
        </script>
    </body>
</html>